[Dshieldannounce] Windows XP Pro Firewall Logs

Johannes B. Ullrich jullrich at euclidian.com
Thu Oct 18 17:38:04 UTC 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


A full week ahead of the official launch of Windows XP, we got a client
ready to submit Windows XP Pro firewall logs. The logging in Windows XP
Pro is actually not bad. However, the firewall feature is a bit hidden, so
we setup an instruction page that will show you how to enable it:

http://www.dshield.org/clients/windows_xp_firewall_setup.html

the client:
http://www.dshield.org/windows_clients.html

Before you ask: The firewall in XP works, but is basic. You can only
filter incoming connections, and you will not see any alert boxes pop up.
But the log is pretty good and details (with flags, tcp sequence numbers
and such). I think you need the 'pro' version to get the firewall. Please
correct me if this is not true. If you have it, enable it...

Thanks to Wayne for getting the parser ready so quickly.

  Johannes.


- --
- -------
jullrich at sans.org                    Join http://www.DShield.org
                          Distributed Intrusion Detection System

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7zxMCVOIizK5pIDMRAq5EAJ9UO14j/eQP2JzW1K6m8cUd0O+RtQCgkP1Z
kFJDyFehLE6mPeKQzLC2qUI=
=DEbr
-----END PGP SIGNATURE-----





More information about the Dshieldannounce mailing list